CVE-2025-6600

216.73.216.6

· Published 01/07/2025 19:15 · Modified 01/07/2025 19:15

Labels: CVE-2025-6600 2025-07-01 CVE-2025-6600 CWE-200 [email protected]

Essential information

Published: 01/07/2025 19:15
Modified: 01/07/2025 19:15
Author: —
Creator: —
CVSS: 6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
github / github enterprise server	`cpe:2.3:a:github:github_enterprise_server:3.17:::::::*`
github / github enterprise server	`cpe:2.3:a:github:github_enterprise_server:3.17.2:::::::*`